Warning: Permanently added '10.128.1.23' (ECDSA) to the list of known hosts. [ 48.261636] random: sshd: uninitialized urandom read (32 bytes read) [ 48.383845] audit: type=1400 audit(1569965291.656:36): avc: denied { map } for pid=6981 comm="syz-executor111" path="/root/syz-executor111979455" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 48.620924] IPVS: ftp: loaded support on port[0] = 21 [ 49.408445] chnl_net:caif_netlink_parms(): no params data found [ 49.436959] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.443798] bridge0: port 1(bridge_slave_0) entered disabled state [ 49.451403] device bridge_slave_0 entered promiscuous mode [ 49.459159] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.465942] bridge0: port 2(bridge_slave_1) entered disabled state [ 49.474333] device bridge_slave_1 entered promiscuous mode [ 49.488271] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 49.497383] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 49.513278] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 49.520698] team0: Port device team_slave_0 added [ 49.526143] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 49.533330] team0: Port device team_slave_1 added [ 49.538566] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 49.545872] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 49.592114] device hsr_slave_0 entered promiscuous mode [ 49.640362] device hsr_slave_1 entered promiscuous mode [ 49.680606] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 49.687615] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 49.700458] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.706988] bridge0: port 2(bridge_slave_1) entered forwarding state [ 49.713967] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.720452] bridge0: port 1(bridge_slave_0) entered forwarding state [ 49.747599] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 49.754809] 8021q: adding VLAN 0 to HW filter on device bond0 [ 49.763768] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 49.772359] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 49.791266] bridge0: port 1(bridge_slave_0) entered disabled state [ 49.798373] bridge0: port 2(bridge_slave_1) entered disabled state [ 49.809121] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 49.815900] 8021q: adding VLAN 0 to HW filter on device team0 [ 49.823972] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 49.831572] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.837892] bridge0: port 1(bridge_slave_0) entered forwarding state [ 49.846758] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 49.856016] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.862594] bridge0: port 2(bridge_slave_1) entered forwarding state [ 49.876814] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 49.884945] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 49.895785] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 49.908173] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 49.919176] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 49.930988] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 49.938038] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready executing program [ 49.946049] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 49.954033] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 49.965397] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 49.975282] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 49.999269] netlink: 80 bytes leftover after parsing attributes in process `syz-executor111'. [ 50.008245] netlink: 48 bytes leftover after parsing attributes in process `syz-executor111'. [ 50.018342] [ 50.020087] ============================= [ 50.024222] WARNING: suspicious RCU usage [ 50.028533] 4.14.146 #0 Not tainted [ 50.032198] ----------------------------- [ 50.036512] ./include/net/sch_generic.h:303 suspicious rcu_dereference_check() usage! [ 50.044703] [ 50.044703] other info that might help us debug this: [ 50.044703] [ 50.053822] [ 50.053822] rcu_scheduler_active = 2, debug_locks = 1 [ 50.060536] 3 locks held by syz-executor111/6982: [ 50.065405] #0: (rcu_read_lock_bh){....}, at: [] ip_finish_output2+0x256/0x14a0 [ 50.074650] #1: (rcu_read_lock_bh){....}, at: [] __dev_queue_xmit+0x1e2/0x25e0 [ 50.083815] #2: (&qdisc_tx_lock){+...}, at: [] __dev_queue_xmit+0x11c0/0x25e0 [ 50.092960] [ 50.092960] stack backtrace: [ 50.097452] CPU: 1 PID: 6982 Comm: syz-executor111 Not tainted 4.14.146 #0 [ 50.104462] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 50.113800] Call Trace: [ 50.116551] dump_stack+0x138/0x197 [ 50.120167] lockdep_rcu_suspicious+0x153/0x15d [ 50.125029] netem_enqueue+0x79c/0x2780 [ 50.128985] ? lock_acquire+0x16f/0x430 [ 50.132961] ? __dev_queue_xmit+0x11c0/0x25e0 [ 50.137445] __dev_queue_xmit+0x12da/0x25e0 [ 50.141846] ? netdev_pick_tx+0x300/0x300 [ 50.145977] ? find_held_lock+0x35/0x130 [ 50.150032] ? ip_finish_output+0x56d/0xc60 [ 50.154637] dev_queue_xmit+0x18/0x20 [ 50.158417] ? dev_queue_xmit+0x18/0x20 [ 50.162372] ip_finish_output2+0xddc/0x14a0 [ 50.166683] ? ip_copy_metadata+0x9b0/0x9b0 [ 50.171005] ip_finish_output+0x56d/0xc60 [ 50.175229] ? ip_finish_output+0x56d/0xc60 [ 50.179555] ip_mc_output+0x24a/0xd40 [ 50.183370] ? ip_queue_xmit+0x1b10/0x1b10 [ 50.187592] ? ip_fragment.constprop.0+0x200/0x200 [ 50.192516] ? ip_flush_pending_frames+0x30/0x30 [ 50.197255] ip_local_out+0x97/0x170 [ 50.200958] ip_send_skb+0x3e/0xc0 [ 50.204589] udp_send_skb+0x616/0xb90 [ 50.208394] ? ipv4_dst_check+0x10d/0x160 [ 50.212625] udp_sendmsg+0x16df/0x1da0 [ 50.216502] ? ip_reply_glue_bits+0xb0/0xb0 [ 50.220822] ? udp4_seq_show+0x520/0x520 [ 50.224864] ? rw_copy_check_uvector+0x1f1/0x290 [ 50.229607] ? sock_has_perm+0x1ed/0x280 [ 50.233653] ? selinux_tun_dev_create+0xc0/0xc0 [ 50.238310] ? dup_iter+0x260/0x260 [ 50.241933] ? copy_msghdr_from_user+0x292/0x3f0 [ 50.246700] inet_sendmsg+0x122/0x500 [ 50.250504] ? inet_recvmsg+0x500/0x500 [ 50.254460] sock_sendmsg+0xce/0x110 [ 50.258172] ___sys_sendmsg+0x349/0x840 [ 50.262131] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 50.266927] ? trace_hardirqs_on+0x10/0x10 [ 50.271244] ? find_held_lock+0x35/0x130 [ 50.275296] ? ip4_datagram_release_cb+0x1ce/0x9b0 [ 50.280216] ? save_trace+0x290/0x290 [ 50.284004] ? find_held_lock+0x35/0x130 [ 50.288051] ? ip4_datagram_release_cb+0x1ce/0x9b0 [ 50.292968] ? __might_fault+0x110/0x1d0 [ 50.297022] ? find_held_lock+0x35/0x130 [ 50.301082] ? __might_fault+0x110/0x1d0 [ 50.305138] __sys_sendmmsg+0x152/0x3a0 [ 50.309193] ? SyS_sendmsg+0x50/0x50 [ 50.312897] ? _raw_spin_unlock_bh+0x31/0x40 [ 50.317291] ? SYSC_connect+0xe7/0x2d0 [ 50.321159] ? SYSC_bind+0x220/0x220 [ 50.324855] ? selinux_socket_setsockopt+0x65/0x80 [ 50.329774] ? SyS_recv+0x40/0x40 [ 50.333225] SyS_sendmmsg+0x35/0x60 [ 50.336831] ? __sys_sendmmsg+0x3a0/0x3a0 [ 50.341047] do_syscall_64+0x1e8/0x640 [ 50.344916] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 50.349781] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 50.354980] RIP: 0033:0x441b59 [ 50.358154] RSP: 002b:00007ffcb1fc9af8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 50.365864] RAX: ffffffffffffffda RBX: 0000315f6576616c RCX: 0000000000441b59 [ 50.373119] RDX: 04000000000001a8 RSI: 0000000020007fc0 RDI: 0000000000000005 [ 50.380990] RBP: 735f656764697262 R08: 0000000001bbbbbb R09: 0000000001bbbbbb [ 50.388244] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 50.395845] R13: 00000000004030f0 R14: 0000000000000000 R15: 0000000000000000 [ 50.406214] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready